Abstract:
This paper analyses and addresses the growing threat of phishing in cyberspace. Digital transactions and communications have, over the past decade, been increasingly transpiring at an accelerated rate. This non-linear progression has generated a myriad of risks associated with the utilization of information and communication technologies in cyberspace communications, amongst the most important of which is the online phishing crime.
This paper aims to provide an overview of the risks related to this crime and seeks to offer some solutions based on the necessity of pursuing an international policy encompassing strategic, regulatory and technical approaches.
Keywords: Phishing - Cybercrime – Cyberspace - Identity theft
1. Introduction
Phishing [1] is the act of sending an email to a user falsely claiming to be an established legitimate business in an attempt to scam the user into surrendering private information that will be used for identity theft. [2] The email directs the user to visit a Web site where he or she is asked to update personal information, [3] such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has issued. [4] The Web site, however, is bogus and set up only to steal the user’s information. [5] Phishing combines the power of the internet with universal human nature to defraud millions of people out of billions of dollars. [6] Nearly every internet user has received a phishing email by now.
On such account, phishing is a serious crime that merits due consideration and adequate prevention and combating. Phishing may be committed in whole or in part by the use of information and communication technologies (ICTs), which dispenses with face – to – face physical contact and allows for distance counters. [7] Historically, fraud involved face-to-face communication since physical contact was primarily the norm. [8] Even when remote communication — i.e., snail mail—could be used to set up a fraudulent transaction, it was often still necessary for the parties to meet and consummate the crime with a physical transfer of the tangible property obtained by deceit. [9] Nevertheless, the proliferation of ICTs has exerted a profound impact upon the nature and form of the crime, and has altered the mechanisms of crime commission. [10] Nowadays, perpetrators can use fraudulent emails and fake websites to scam thousands of victims located around the globe, and may expend less effort in doing so than their predecessors. [11] This new form of automated or electronic crime distinguishes online virtual fraud from real-world fraud in at least two important respects: [12] (a) it is far more difficult for law enforcement officers to identify and apprehend online fraudsters; and (b) these offenders can commit crimes on a far broader scale than their real-world counterparts.
Studies indicate that the number of phishing incidents is increasing at an alarming rate. [13] A recent report by the Anti – Phishing Working Group (APWG) found that phishing attacks have increased. [14] In May 2006, alone, more than 20, 109 emails and 11, 976 phishing web sites, representing 137 hijacked brands were reported and tracked by the APWG. [15] In the United States, it was estimated that between May 2004 and May 2005, 1,2 million internet users were victims of phishing, totaling approx. $ 929 million USD. [16] In the United Kingdom, losses from phishing almost doubled to £ 23.2 m in 2005, from £ 12.2 m in 2004. [17]
Finally, online phishing does carry the seeds of a potential conflict between national legal systems due to the intrinsic transnational and cross-border implications of such crimes, and the relative variation and divergence of national and regional policies dealing with such crimes. Whilst national and international efforts are underway to establish harmonized and consistent national strategies and policies to combat cybercrime, global condemnation as well as adequate universal policies may not be achieved in the near future at least until all states recognize the importance of ICTs and the need for existence of an adequate regulatory framework. [18]
This paper aims to provide an overview of the risks related to this crime and seeks to offer some solutions based on the necessity of pursuing an international policy encompassing strategic, regulatory and technical approaches.
Keywords: Phishing - Cybercrime – Cyberspace - Identity theft
1. Introduction
Phishing [1] is the act of sending an email to a user falsely claiming to be an established legitimate business in an attempt to scam the user into surrendering private information that will be used for identity theft. [2] The email directs the user to visit a Web site where he or she is asked to update personal information, [3] such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has issued. [4] The Web site, however, is bogus and set up only to steal the user’s information. [5] Phishing combines the power of the internet with universal human nature to defraud millions of people out of billions of dollars. [6] Nearly every internet user has received a phishing email by now.
On such account, phishing is a serious crime that merits due consideration and adequate prevention and combating. Phishing may be committed in whole or in part by the use of information and communication technologies (ICTs), which dispenses with face – to – face physical contact and allows for distance counters. [7] Historically, fraud involved face-to-face communication since physical contact was primarily the norm. [8] Even when remote communication — i.e., snail mail—could be used to set up a fraudulent transaction, it was often still necessary for the parties to meet and consummate the crime with a physical transfer of the tangible property obtained by deceit. [9] Nevertheless, the proliferation of ICTs has exerted a profound impact upon the nature and form of the crime, and has altered the mechanisms of crime commission. [10] Nowadays, perpetrators can use fraudulent emails and fake websites to scam thousands of victims located around the globe, and may expend less effort in doing so than their predecessors. [11] This new form of automated or electronic crime distinguishes online virtual fraud from real-world fraud in at least two important respects: [12] (a) it is far more difficult for law enforcement officers to identify and apprehend online fraudsters; and (b) these offenders can commit crimes on a far broader scale than their real-world counterparts.
Studies indicate that the number of phishing incidents is increasing at an alarming rate. [13] A recent report by the Anti – Phishing Working Group (APWG) found that phishing attacks have increased. [14] In May 2006, alone, more than 20, 109 emails and 11, 976 phishing web sites, representing 137 hijacked brands were reported and tracked by the APWG. [15] In the United States, it was estimated that between May 2004 and May 2005, 1,2 million internet users were victims of phishing, totaling approx. $ 929 million USD. [16] In the United Kingdom, losses from phishing almost doubled to £ 23.2 m in 2005, from £ 12.2 m in 2004. [17]
Finally, online phishing does carry the seeds of a potential conflict between national legal systems due to the intrinsic transnational and cross-border implications of such crimes, and the relative variation and divergence of national and regional policies dealing with such crimes. Whilst national and international efforts are underway to establish harmonized and consistent national strategies and policies to combat cybercrime, global condemnation as well as adequate universal policies may not be achieved in the near future at least until all states recognize the importance of ICTs and the need for existence of an adequate regulatory framework. [18]
No comments:
Post a Comment